diff --git a/bin/tests/system/dnssec/ns2/named.conf.in b/bin/tests/system/dnssec/ns2/named.conf.in
index 78d43c7208..6a3e6ca4a7 100644
--- a/bin/tests/system/dnssec/ns2/named.conf.in
+++ b/bin/tests/system/dnssec/ns2/named.conf.in
@@ -60,10 +60,10 @@ dnssec-policy "not-enough-hours-in-day" {
 		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
 	};
 
-	/* validity 500 days, resign in 449 days */
+	/* validity 500 days, with one 1 day jitter (resign in 499 days) */
+	signatures-jitter 1d;
 	signatures-validity-dnskey 500d;
 	signatures-validity 500d;
-	signatures-refresh 449d;
 };
 
 zone "." {
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index db91fae310..ffbba1b033 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -4360,7 +4360,7 @@ status=$((status + ret))
 
 echo_i "checking signatures-validity second field hours vs days ($n)"
 ret=0
-# zone configured with 'signatures-validity 500 499;'
+# zone configured with 'signatures-validity 500d; signatures-refresh 1d'
 # 499 days in the future w/ a 20 minute runtime to now allowance
 min=$(TZ=UTC $PERL -e '@lt=localtime(time() + 499*3600*24 - 20*60); printf "%.4d%0.2d%0.2d%0.2d%0.2d%0.2d\n",$lt[5]+1900,$lt[4]+1,$lt[3],$lt[2],$lt[1],$lt[0];')
 dig_with_opts @10.53.0.2 hours-vs-days AXFR >dig.out.ns2.test$n